Cleanup & GitHub OAuth Token

It's time to polish our deploy. Right now, you can surf to the /app_dev.php script
on production. You can't really access it... but that file should not be deployed.

Back on the Ansistrano docs, look at the workflow diagram. So far, we've been hooking
into "After Symlink Shared", because that's when the site is basically functional
but not yet live. To delete app_dev.php, let's hook into "Before Symlink". It's
basically the same, but this is the last opportunity to do something right before
the deploy becomes live.

Scroll down to the variables section and copy ansistrano_before_symlink_tasks_file.
In deploy.yml, paste that and set it to a new file: before-symlink.yml:

Composer GitHub Access Token

While we're waiting, there is one thing that could break our deploy: GitHub
rate limiting. If composer install accesses the GitHub API too often, the great
and powerful GitHub monster will kill our deploy! This shouldn't happen, thanks
to Composer's caching, but it is possible.

Tip

Actually, a change made to Composer in 2016 effectively fixed the rate limiting problem.
But the fix (GitHub OAuth token) we will show will allow you to install dependencies
from private repositories.

Google for "Composer GitHub token" to find a spot on their troubleshooting docs
called API rate limit and OAuth tokens.
All we need to do is create a personal access token on GitHub and then run this
command on the server. This will please and pacify the GitHub monster, and the
rate limiting problem will be gone.

Click the Create link and then "Generate new token". Think of
a clever name and give it repo privileges.

Setting the GitHub Token in Ansible

Perfect! We could run the composer config command manually on the server.
But instead, let's do it in our provision playbook: ansible/playbook.yml.

This is pretty easy... except that we probably don't want to hardcode my access
token. Instead, we'll use the Ansible vault: a new vault just for playbook.yml.
As soon as the deploy finishes, create it:

ansible-vault create ansible/vars/provision_vault.yml

Use the normal beefpass as the password. And then, add just one variable:
vault_github_oauth_token set to the new access token:

The docs show the full command we need. Copy the arguments and set arguments
to that string. Replace the <oauthtoken> part with {{ github_oauth_token }}:

182 lines ansible/playbook.yml

---

- hosts:webserver

... lines 3 - 35

tasks:

... lines 37 - 127

- name:SetGitHubOAuthtokenforComposer

composer:

command:config

arguments:'-g github-oauth.github.com "{{ github_oauth_token }}"'

... lines 132 - 182

Also set working_dir to /home/{{ ansible_user }}... the composer module requires
this to be set. And at the end, add a tag: github_oauth:

182 lines ansible/playbook.yml

---

- hosts:webserver

... lines 3 - 35

tasks:

... lines 37 - 127

- name:SetGitHubOAuthtokenforComposer

composer:

command:config

arguments:'-g github-oauth.github.com "{{ github_oauth_token }}"'

working_dir:"/home/{{ ansible_user }}"

tags:

-github_oauth

... lines 135 - 182

Why the tag? Because I really don't want to re-run my entire provision playbook
just for this task. Translation: I'm being lazy! Run the provision playbook, but
with an extra -t github_oauth, just this one time: